TAMPER RESISTANT PLAYER FOR SCRAMBLED CONTENTS

RELATED APPLICATIONS

This application is a continuation-in-part application to U.S. patent application, Ser. No. 08/662,679, filed on Jun. 13, 1996, entitled Tamper Resistant Methods and Apparatus, now U.S. Pat. No. 5,892,899 and to U.S. patent application, Ser. No. 08/906,693, filed on Aug. 6, 1997, entitled Cell Array Providing Non-Persistent Secret Storage Through A Mutation Cycle, now U.S. Pat. No. 6,049,609.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of system security. More specifically, the present invention relates to a tamper resistant player for scrambled contents.

2. Background Information

Content management, such as management of scrambled DVD contents, require the basic integrity of the management operations to be assumed, or at least verified. While a number of security approaches such as encryption and decryption techniques are known in the art, unfortunately, the security approaches can be readily compromised, because these applications and the security approaches are implemented on systems with an open and accessible architecture, that renders both hardware and software including the security approaches observable and modifiable by a malevolent user or a malicious program.

Thus, a system based on open and accessible architecture is a fundamentally insecure platform, notwithstanding the employment of security measures. However, openness and accessibility offer a number of advantages, contributing to these systems' successes. Therefore, what is required are techniques that will render the operations of a scrambled content player, such as a DVD player, virtually unobservable or unmodifiable on these fundamentally insecure platforms, notwithstanding their openness and accessibility.

SUMMARY OF THE INVENTION

In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content.

In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider.

In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder.

In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents. In one embodiment, the secrets include secrets used in a mutual authentication process, and the secrets used for descrambling the scrambled content.

BRIEF DESCRIPTION OF DRAWINGS

The present invention will be described by way of embodiments, but not limitations, illustrated in the accompanying drawings in which like references denote similar elements, and in which:

FIG. 1 is a block diagram illustrating an overview of an exemplary tamper resistant module incorporated with various teachings of the present invention;

FIGS. 2-3 are two flow charts illustrating one embodiment each of the operational flows, at start-up time and during runtime, of an integrity verification method of the present invention;

FIG. 4 is a flow chart illustrating one embodiment of the operational flow of an intruder detection method of the present invention;

FIGS. 5-6 are two flow charts illustrating one embodiment each of the operational flows of two observation detection methods of the present invention;

FIG. 7 is a block diagram illustrating one embodiment of a coupling technique of the present invention for inter-coupling various tamper resistant methods;

FIG. 8 is a block diagram illustrating one embodiment of a tamper resistant player for scrambled contents, incorporated with the teachings of the present invention; and

FIG. 9 is a block diagram illustrating one embodiment of a computer system suitable for practicing the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, various aspects of the present invention will be described. However, it will be apparent to those skilled in the art that the present invention may be practiced with only some or all aspects of the present invention. For purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the present invention. However, it will also be apparent to one skilled in the art that the present invention may be practiced without the specific details. In other instances, well known features are omitted or simplified in order not to obscure the present invention.

Parts of the description will be presented in terms of operations performed by a computer system, using terms such as data, flags, bits, values, characters, strings, numbers and the like, consistent with the manner commonly employed by those skilled in the art to convey the substance of their work to others skilled in the art. As well understood by those skilled in the art, these quantities take the form of electrical, magnetic, or optical signals capable of being stored, transferred, combined, and otherwise manipulated through mechanical and electrical components of the computer system; and the term computer system include general purpose as well as special purpose data processing machines, systems, and the like, that are standalone, adjunct or embedded.

Various operations will be described as multiple discrete steps in turn in a manner that is most helpful in understanding the present invention, however, the order of description should not be construed as to imply that these operations are necessarily order dependent, in particular, the order of presentation.

Referring now to FIG. 1, wherein a block diagram illustrating one embodiment of an exemplary tamper resistant module incorporated with the various teachings of the present invention is shown. As illustrated, exemplary tamper resistant module 100 includes non-tamper resistant portion 102, and tamper resistant portion 104. For the illustrated embodiment, the two portions are linked together to form a
single executable module. For the purpose of this application, the term module is used in a general sense to mean a structural relationship between the various portions that facilitates exclusive communications between the portions.

As described in the parent application, Ser. No. 08/662,679, non-tamper resistant portion 102 includes a number of plain text programming instructions implementing various non-sensitive services of exemplary tamper resistant module 100, whereas tamper resistant portion 104 includes various groups of plain text and obfuscated cells 106 of programming instructions implementing various sensitive services of exemplary tamper resistant module 100. Each group of cells that implements a sensitive service or a collection of sensitive services includes at least one plain text cell 106. Briefly, the secrets associated with the services are distributed in time and space, and obfuscated. The number of obfuscated cells employed to obfuscate a service is service or sensitivity dependent. Generally, the larger number of obfuscated cells employed, the more difficult it will be for the obfuscation to be "decoded". For a more detailed description, see parent application, Ser. No. 08/662,679.

Additionally, in accordance with the present invention, selected groups of plain text and obfuscated cells 106 incorporate a number of tamper resistant measures to verify during operation that exemplary tamper resistant module 100 has not been intruded nor being observed. The number of groups employing these tamper resistant measures, as well as the frequencies and the number of tamper resistant measures employed are also service or sensitivity dependent. As will be described in more details below, these tamper resistant measures include a number of integrity verification measures and a number of anti-observation measures. The integrity verification measures include first integrity verification measure that verifies the integrity of non-tamper resistant portion 102 during run time as well as start-up time, and a second integrity verification measure that verifies an invocation of a group of plain text and obfuscated cells is not originated from an intruder. The anti-observation measures include a first anti-observation measure that verifies the processor executing module 100 is not operating in a mode that supports single step execution, and a second anti-observation measure that verifies elapsed execution times are consistent with normal unobserved execution.

FIGS. 2-3 illustrate one embodiment of the operational flow of the first integrity verification measure. FIG. 2 illustrates the operational flow at start-up time, whereas FIG. 3 illustrates the operational flow during run time. As shown in FIG. 2, at start-up time, for the illustrated embodiment, a group of cells (GOC) incorporated with this first integrity verification measure scans non-tamper resistant portion 102 and calculates a signature for non-tamper resistant portion 102, block 108. Next, for the illustrated embodiment, the GOC retrieves a signature pre-stored for non-tamper resistant portion 102, block 110. The GOC then compares the two signatures to verify the generated signature, blocks 112-114. If the generated signature is successfully verified, meaning that non-tamper resistant portion 102 has not been modified, the GOC allows the start-up process to continue, without skipping any verification dependent operations, block 116, otherwise, the GOC causes the start-up process to continue, skipping the verification dependent operations, block 118. An example of verification dependent operations is operations associated with setting up the secrets required for delivering certain sensitive services.

As shown in FIG. 3, at a verification check time during run time, for the illustrated embodiment, a GOC incorporated with this first integrity verification measure scans a next portion of non-tamper resistant portion 102 and incrementally calculates a signature for non-tamper resistant portion 102, block 120. The GOC then updates the signature being incrementally calculated, block 122. Next, the GOC checks if the end of non-tamper resistant portion 102 has been reached, block 124. If the end has not been reached, the process terminates, otherwise the process continues at block 126.

At block 126, the GOC retrieves a signature pre-stored for non-tamper resistant portion 102, block 126. The GOC then compares the two signatures to verify the generated signature, blocks 128-130. If the generated signature is successfully verified, meaning that non-tamper resistant portion 102 has not been modified, the GOC allows execution of module 100 to continue, otherwise, the GOC causes execution of module 100 to terminate, block 132. Causing module to terminate may be achieved in any number of ways known in the art. Depending on the application, it may be preferable to cause the module to fail further downstream from the point the non-tamper resistant portion's integrity failed verification.

In other words, the run time integrity check is performed incrementally over a number of verification check times during an execution run. Those skilled in the art will appreciate the incremental approach is particularly useful for performance sensitive services. The number of verification check times employed for an execution run is service or sensitivity dependent.

FIG. 4 illustrates one embodiment of the operational flow of the second integrity verification measure. At invocation time, for the illustrated embodiment, a GOC incorporated with this second integrity verification measure retrieves a return address for the invocation, block 134. For the illustrated embodiment, the GOC determines if the return address is within the address space of module 100, block 136. If the return address is within the address space of module 100, meaning that the invocation did not originate from an intruder, the GOC allows execution of module 100 to continue, block 138, otherwise, the GOC causes execution of module 100 to terminate, block 140. Similarly, causing module 100 to terminate may be achieved in any number of ways known in the art. Depending on the application, it may be preferable to cause the module to fail further downstream from the point the intrusion is detected.

FIG. 5 illustrates one embodiment of the operational flow of the first anti-observation measure. At a pre-selected point in time during an execution run, for the illustrated embodiment, a GOC incorporated with this first anti-observation measure retrieves a processor execution mode state variable, block 142. For the illustrated embodiment, the GOC determines if the state variable denotes an execution mode that supports single step execution, e.g. a debug mode, block 144. If the state variable denotes an execution mode that does not support single step execution, meaning that execution of module 100 is not being observed, the GOC allows execution of module 100 to continue, block 146, otherwise, the GOC causes execution of module 100 to terminate, block 148. Similarly, causing module to terminate may be achieved in any number of ways known in the art. Depending on the application, it may be preferable to cause the module to fail further downstream from the point observation is detected. The number of times as well as the precise points in time during an execution run where the processor's execution mode is checked is service or sensitivity dependent.

FIG. 6 illustrates one embodiment of the operational flow of the second anti-observation measure. At a pre-selected
point in time during an execution run, for the illustrated embodiment, a GOC incorporated with this second anti-observation measure retrieves a timer value from the processor executing module 100, and records the retrieved timer value (timestamp), block 150. The GOC then continues to perform the normal services it is designed to provide, block 152. At a pre-selected later point in time, the GOC checks an amount of elapsed execution time since the last timestamp to determine if the amount of elapsed execution has exceeded a predetermined threshold, blocks 154-156. If the elapsed execution time does not exceed the predetermined threshold, meaning that execution of module 100 is not being observed (e.g. by setting breakpoints), the GOC allows execution of module 100 to continue, block 158, otherwise, the GOC causes execution of module 100 to terminate, block 160. Similarly, causing module to terminate may be achieved in any number of ways known in the art. Depending on the application, it may be preferable to cause the module to fail further downstream from the point observation is detected. The number of times as well as the precise points in time during an execution run where the amount of elapsed execution time since a last timestamp is checked is service or sensitivity dependent.

FIG. 7 illustrates one embodiment of a coupling technique for inter-coupling tamper resistant measures. As illustrated, the different tamper resistant measures are inter-coupled by having the measures share a common storage location, e.g. in memory, for key values associated with the various tamper resistant measures. For the illustrated embodiment, a GOC stores a key for retrieving secrets in portion 162 of storage location 168, and a timestamp for determining whether execution of module 100 is being observed in storage location 168 less portion 162. In determining elapsed execution time, the GOC only employs the bits higher than portion 162. Additionally, the GOC uses lower order bits 164 as a seed to generate the pseudo random numbers employed in an authentication process. Thus, if an intruder attempts to modify the timestamp to defeat the elapsed execution time check measure, it will cause the authentication process as well as any attempt to retrieve secrets to fail. Similarly, if an intruder attempts to modify the seed for generating pseudo random number to defeat the authentication process, it will cause the elapsed execution time check as well as any attempt to retrieve secrets to fail.

FIG. 8 illustrates one embodiment of a tamper resistant player for scrambled content applying the tamper resistant teachings of the present invention. As shown, for the illustrated embodiment, tamper resistant player 170 includes non-tamper resistant components 171 and tamper resistant decoder 172. Non-tamper resistant components 171 are intended to represent a broad category of general service components, such as end user interfaces. These general service components may provide any one of a number of variety of services, implemented using any one of a number of variety of techniques known in the art. Tamper resistant decoder 172 receives scrambled compressed content, and in response, descrambles as well as decompresses the content to output appropriate signals to render the content, e.g. YUV video and AC3 audio.

Tamper resistant decoder 172 includes non-tamper resistant portion 175, tamper resistant portion 174, 176, 178 and 180, and signature 173 for non-tamper resistant portion 175. Non-tamper resistant portion 175 is constituted with plain text programming instructions, whereas tamper resistant portion 174, 176, 178 and 180 is constituted with multiple groups of plain text and obfuscated cells of programming instructions. Non-tamper resistant portion 175 and tamper resistant portion 174, 176, 178 and 180, including signature 173, are structurally related to facilitate exclusive communication between the portions. For the illustrated embodiment, the two portions are linked together as a single executable module.

Non-tamper resistant portion 175 selectively invokes the services of integrated tamper resistant portion 174, 176, 178 and 180 to effectuate descrambling of the scrambled content, including causing player 170 and a scrambled content provider device to be mutually authenticated with one another. Non-tamper resistant portion 175 decompresses the unscrambled compressed content to generate the above described output signals. Signature 173 is pre-stored in a predetermined location to facilitate start-up time and run time integrity verification as described earlier.

For the illustrated embodiment, tamper resistant services of tamper resistant decoder 172 includes tamper resistant descrambler 174 for receiving scrambled content, and in response, descrambling the scrambled content to generate the descrambled content for non-tamper resistant portion of decoder 172. In one embodiment, tamper resistant descrambler 174 employs secret keys retrieved from tamper resistant secrets holder 180 to descramble the scrambled content. The number of secret keys employed, and the nature of the keys are application dependent, and they are not essential to the understanding of the present invention. Tamper resistant descrambler 174 is constituted with a group of plain text and obfuscated cells of programming instructions. In one embodiment, the core descrambling service is disposed in a plain text cell to provide enhanced performance. In one embodiment, the GOC is equipped with the above described intruder detection integrity verification measure and the single step execution mode detection anti-observation measure. In one embodiment, the GOC is also equipped with the elapsed execution time detection anti-observation measure. In one embodiment, the GOC is equipped with multiple ones of the elapsed execution time detection anti-observation measure. In one embodiment, the elapsed execution time detection anti-observation measure is also inter-coupled with the process for retrieving the secret keys associated with descrambling scrambled content, and the authentication process for mutually authenticating player 170 and a scrambled content provider device.

For the illustrated embodiment, tamper resistant services of tamper resistant decoder 172 also includes tamper resistant authenticator 176 for authenticating tamper resistant player 170 to a scrambled content provider device and to authenticate the scrambled content provider device to tamper resistant player 170. In one embodiment, tamper resistant authenticator 176 employs secret keys retrieved from tamper resistant secrets holder 180 to conduct the authentication process. The number of secret keys employed, and the nature of the keys are application dependent, and they are not essential to the understanding of the present invention. In one embodiment, tamper resistant authenticator 176 is constituted with a group of plain text and obfuscated cells of programming instructions. In one embodiment, the GOC is equipped with the above described intruder detection integrity verification measure, and the single step execution mode detection anti-observation measure. In one embodiment, the GOC is also equipped with the elapsed execution time detection anti-observation measure. In one embodiment, the GOC is equipped with multiple ones of the elapsed execution time detection anti-observation measures. In one embodiment, the elapsed execution time detection anti-observation measure is also inter-coupled with the process for retrieving the secret keys associated
with descrambling scrambled content, and the authentication process for mutually authenticating player 170 and a scrambled content provider device.

For the illustrated embodiment, tamper resistant services of tamper resistant decoder 172 also includes tamper resistant integrity verifier 178 for integrity verifying non-tamper resistant portion of decoder 172 at start-up time, and during run time. In one embodiment, tamper resistant integrity verifier 178 provides secret keys to be employed for mutually authenticating player 170 and a scrambled content provider device to secrets holder 180. The number of secret keys employed, and the nature of the keys are application dependent, and they are not essential to the understanding of the present invention. In one embodiment, tamper resistant integrity verifier 178 is constituted with a group of plain text and obfuscated cells of programming instructions. In one embodiment, the GOC is equipped with the single step execution mode detection anti-observation measure. In one embodiment, the GOC is also equipped with the elapsed execution time detection anti-observation measure. In one embodiment, the GOC is equipped with multiple ones of the elapsed execution time detection anti-observation measures. In one embodiment, the elapsed execution time detection anti-observation measure is also inter-coupled with the authentication process for retrieving the secret keys associated with descrambling scrambled content, and the authentication process for mutually authenticating player 170 and a scrambled content provider device.

Lastly, as alluded to, for the illustrated embodiment, tamper resistant services of tamper resistant decoder 172 includes tamper resistant secrets holder 180 for storing secrets associated with descrambling scrambled content. Secrets holder 180 also stores secrets associated with an authentication process for authenticating tamper resistant player 170 to a scrambled content provider device and to authenticate the scrambled content provider device to tamper resistant player 170. In one embodiment, tamper resistant secrets holder 180 is constituted with a group of plain text and obfuscated cells of programming instructions in a cell array form as described in parent application, Ser. No. 08/906,693. In one embodiment, the GOC is equipped with the above described intruder detection integrity verification measure, and the single step execution mode detection anti-observation measure. In one embodiment, the GOC is also equipped with the elapsed execution time detection anti-observation measure. In one embodiment, the GOC is equipped with multiple ones of the elapsed execution time detection anti-observation measures.

Thus, even if player 170 receives its content inputs through an "open" bus, the content is nevertheless protected, as the content will be provided to player 170 over the "open" bus in scrambled form. Furthermore, the secrets associated with descrambling the scrambled content, as well as the programming instructions performing the descrambling are protected from intrusion as well as from observation. Yet, performance sensitive operations, such as the core descrambling service, are not burdened. Lastly, the tamper resistant services, i.e. descrambler 174, authenticator 176 etc. are highly portable, and may be linked up with any number of decoder implementations.

FIG. 9 illustrates one embodiment of a computer system suitable for practicing the present invention. As shown, for the illustrated embodiment, computer system 200 includes processor 202, processor bus 206, high performance I/O bus 210 and standard I/O bus 220. Processor bus 206 and high performance I/O bus 210 are bridged by host bridge 208, whereas I/O buses 210 and 212 are bridged by I/O bus bridge 212. Coupled to processor bus 206 is cache 204. Coupled to high performance I/O bus 210 are system memory 214 and video memory 216, to which video display 218 is coupled. Coupled to standard I/O bus 220 are disk drive 222, keyboard and pointing device 224 and DVD-ROM 226.

These elements perform their conventional functions known in the art. In particular, disk drive 222 and system memory 214 are used to store a permanent and a working copy of the tamper resistant application of the present invention, when executed by processor 202. The permanent copy may be pre-loaded into disk drive 222 in factory, loaded from a distribution medium (not shown), or downloaded from on-line/networked distribution source (not shown). The constitutions of these elements are known. Any one of a number of implementations of these elements known in the art may be used to form computer system 200.

Of course, computer systems of alternate constitutions, including computer systems of alternate architectures may be employed to practice the present invention.

In general, while the present invention have been described in terms of the above illustrated embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described. The present invention can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative instead of restrictive on the present invention.

Thus, a tamper resistant player for scrambled contents has been described.

What is claimed is:

1. An apparatus comprising:

a storage medium having stored therein a first group of plain text and obfuscated cells of programming instructions designed to implement a descrambler that descrambles scrambled content to generate descrambled content, wherein the obfuscated cells are mutated through an inter-cell dependent mutation process; and

an execution unit coupled to the storage medium for executing the programming instructions.

2. The apparatus as set forth in claim 1, wherein the first group of plain text and obfuscated cells of programming instructions include an obfuscated cell of programming instructions designed to implement a frequently invoked descrambling subfunction of the descrambler.

3. The apparatus as set forth in claim 1, wherein the first group of plain text and obfuscated cells of programming instructions is equipped to verify that an invocation of the descrambler is not originated from an intruder, and/or execution of the first group of plain text and obfuscated cells of programming instructions is not being observed.

4. The apparatus as set forth in claim 1, wherein the storage medium further having stored therein a second group of plain text and obfuscated cells of programming instructions designed to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider device, and generates appropriate authentication responses to authentication challenges from the scrambled content provider device.

5. The apparatus as set forth in claim 4, wherein the second group of plain text and obfuscated cells of programming instructions is equipped to verify that execution of the second group of plain text and obfuscated cells of programming instructions is not being observed.

6. The apparatus as set forth in claim 1, wherein the storage medium further having stored therein a second group
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of plain text and obfuscated cells of programming instruc- 
tions designed to implement a secrets holder that holds a 
plurality of secrets associated with playing the scrambled 
contents. 

7. The apparatus as set forth in claim 6, wherein the 
second group of plain text and obfuscated cells of program- 
ming instructions is equipped to verify that execution of the 
second group of plain text and obfuscated cells of program- 
ming instructions is not being observed. 

8. The apparatus as set forth in claim 1, wherein the 
storage medium further having stored therein a plurality of 
plain text programming instructions designed to decode the 
descrambled content, the plurality of plain text program- 
ming instructions having a structural relationship with the 
descrambler that facilitates exclusive communication of the 
descrambled content from the descrambler. 

9. The apparatus as set forth in claim 8, wherein the
storage medium further having stored therein a second group
of plain text and obfuscated cells of programming instruc-
tions designed to implement an integrity verifier that performs
integrity verification on the plurality of plain text
programming instructions.

10. The apparatus as set forth in claim 9, wherein the
integrity verifier is designed to perform the integrity verifi-
cation on the plurality of plain text programming instruc-
tions at start-up time, and/or incrementally at run time.

11. The apparatus as set forth in claim 9, wherein the
second group of plain text and obfuscated cells of program-
ming instructions is equipped to verify that execution of the
second group of plain text and obfuscated cells of program-
ming instructions is not being observed.

12. An apparatus comprising:

a storage medium having stored therein a plurality of
plain text programming instructions designed to decode
descrambled content, and a first group of plain text and
obfuscated cells of programming instructions designed
to implement an integrity verifier that performs integ-
rity verification on the plurality of plain text program-
ming instructions, wherein the obfuscated cells are
mutated through an inter-cell dependent mutation pro-
cess; and

an execution unit coupled to the storage medium for
executing the programming instructions.

13. The apparatus as set forth in claim 12, wherein the
integrity verifier is designed to perform the integrity verifi-
cation on the plain text programming instructions at start-up
time, and/or incrementally at run time.

14. The apparatus as set forth in claim 12, wherein the
storage medium further having stored therein a second group
of plain text and obfuscated cells of programming instruc-
tions designed to implement an authenticator that provides
appropriate authentication challenges to a scrambled content
provider device, and generates appropriate authentication
responses to authentication challenges from the scrambled
content provider device.

15. The apparatus as set forth in claim 14, wherein the
second group of plain text and obfuscated cells of program-
ming instructions is equipped to verify that execution of the
second group of plain text and obfuscated cells of program-
ming instructions is not being observed.

16. The apparatus as set forth in claim 12, wherein the
storage medium further having stored therein a second group
of plain text and obfuscated cells of programming instruc-
tions designed to implement a secrets holder that holds a
plurality of secrets associated with playing the scrambled
contents.

17. The apparatus as set forth in claim 16, wherein the
second group of plain text and obfuscated cells of program-
ming instructions is equipped to verify that execution of the
second group of plain text and obfuscated cells of program-
ming instructions is not being observed.

18. An apparatus comprising:

a storage medium having stored therein a first group of
plain text and obfuscated cells of programming instruc-
tions designed to implement a secrets holder that holds
a plurality of secrets associated with playing scrambled
contents, wherein the obfuscated cells are mutated
through an inter-cell dependent mutation process; and

an execution unit coupled to the storage medium for
executing the programming instructions.

19. The apparatus as set forth in claim 18, wherein the first
group of plain text and obfuscated cells of programming
instructions is equipped to verify that execution of the first
group of plain text and obfuscated cells of programming
instructions is not being observed.

20. The apparatus as set forth in claim 19, wherein the
storage medium further having stored therein a second group
of plain text and obfuscated cells of programming instruc-
tions that implement an authenticator that provides appro-
priate authentication challenges to a scrambled content
provider device, and generates appropriate authentication
responses to authentication challenges from the scrambled
content provider device.

21. The apparatus as set forth in claim 20, wherein the 
second group of plain text and obfuscated cells of program- 
ming instructions is equipped to verify that execution of the 
second group of plain text and obfuscated cells of program- 
ming instructions is not being observed. 

22. An apparatus comprising: 

a storage medium having stored therein a first group of 
plain text and obfuscated cells of programming instruc- 
tions designed to implement an authenticator that pro- 
vides appropriate authentication challenges to a 
scrambled content provider device, and generates 
appropriate authentication responses to authentication 
challenges from the scrambled content provider device, 
wherein the obfuscated cells are mutated through an 
inter-cell dependent mutation process; and 
an execution unit coupled to the storage medium for 
executing the programming instructions. 

23. The apparatus as set forth in claim 22, wherein the 
second group of plain text and obfuscated cells of program- 
ming instructions is equipped to verify that execution of the 
second group of plain text and obfuscated cells of program- 
ming instructions is not being observed. 

24. A method comprising: 

a) executing a first group of plain text and obfuscated cells 
of programming instructions to perform integrity veri- 
fication on a plurality of plain text programming 
instructions designed to decode descrambled content; 
and 

b) executing a second group of plain text and obfuscated 
cells of programming instructions to store a plurality of
secrets associated with descrambling scrambled con- 
tent if integrity of the plurality of plain text program- 
ming instructions is verified in (a). 

25. The method of claim 24, wherein each of (a) and (b) 
includes determining if execution of the first/second group 
of plain text and obfuscated cells of programming instruc- 
tions is being observed. 

26. The method of claim 24, wherein the method further 
comprises (c) executing a third group of plain text and
obfuscated cells of programming instructions to provide
appropriate authentication challenges to a scrambled content
provider device, and to provide appropriate responses to
authentication challenges of the scrambled content provider 
device. 

27. The method of claim 26, wherein each of (a), (b) and 
(c) includes determining if execution of the first/second/third
group of plain text and obfuscated cells of programming 
instructions is being observed. 

28. The method of claim 24, wherein the method further 
comprises (d) executing a fourth group of plain text and 
obfuscated cells of programming instructions to descramble
scrambled content to generate the descrambled content if 
authentication with the scrambled content provider device is 
successful in (c). 

29. The method of claim 28, wherein each of (a), (b), (c)
and (d) includes determining if execution of the first/second/ 
third/fourth group of plain text and obfuscated cells of 
programming instructions is being observed. 

30. The method of claim 28, wherein (d) includes deter- 
mining if an invocation of the fourth group of programming 
instructions is originated from an intruder. 

31. The method of claim 28, wherein the method further 
includes (e) executing the plurality of plain text program- 
ming instructions to decode the descrambled content. 

***** 